CVE-2023-27826

HIGH

SeowonIntech SWC-5100W Firmware 1.11.0.1, 1.9.9.4 - OS Command Injection via doSystem() Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-27826. PoCs published by Momen Eldawakhly.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in the WIMAX SWC-5100W router's diagnostic.cgi endpoint to achieve authenticated remote code execution (RCE). It allows arbitrary command execution via the ping_ipaddr parameter and includes functionality for testing vulnerability and obtaining a reverse shell.

Description

SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem() function.

Exploits (1)

exploitdb WORKING POC

by Momen Eldawakhly · pythonremotehardware

https://www.exploit-db.com/exploits/51311

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in the WIMAX SWC-5100W router's diagnostic.cgi endpoint to achieve authenticated remote code execution (RCE). It allows arbitrary command execution via the ping_ipaddr parameter and includes functionality for testing vulnerability and obtaining a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4)

Auth required

Prerequisites: Network access to the target router · Authentication credentials for the router

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory

https://pastebin.com/raw/buhVV7iL

Product

https://usermanual.wiki/SEOWON-INTECH/SWC5100W

Exploit, Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/51311

Scores

CVSS v3 8.8

EPSS 0.1177

EPSS Percentile 95.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (2)

seowonintech/swc-5100w_firmware 1.9.9.4

seowonintech/swc-5100w_firmware 1.11.0.1

Published Apr 12, 2023

Tracked Since Feb 18, 2026